The Hacker News — Cyber Security, Hacking, Technology News

Remember how some cybercriminals shut down most of Washington D.C. police's security cameras for four days ahead of President Donald Trump's inauguration earlier this year?

Just a few days after the incident, British authorities arrested two people in the United Kingdom, identified as a British man and a Swedish woman, both 50 years old, at the request of U.S. officials.

But now a US federal court affidavit has revealed that two Romanian nationals were behind the attack that hacked into 70% of the computers that control the Washington DC Metropolitan Police Department's surveillance camera network in January this year, CNN reports.

The two suspects—Mihai Alexandru Isvanca, 25, and Eveline Cismaru, 28—were arrested in Bucharest on December 15 on charges of conspiracy to commit wire fraud and various forms of computer fraud.

According to the criminal complaint unsealed in Washington, the pair hacked 123 of the Metropolitan Police Department's 187 outdoor surveillance cameras used to monitor public areas in D.C. by infecting computers with ransomware in an effort to extort money.

Ransomware is an infamous piece of malicious software that has been known for locking up computer files and then demanding a ransom (usually in Bitcoins) to help victims unlock their files.

The cyber attack occurred just days before the inauguration of President Donald Trump and lasted for almost four days, leaving the CCTV cameras unable to record anything between 12 and 15 January 2017.

Instead of fulfilling ransom demands, the DC police department took the storage devices offline, removed the infection and rebooted the systems across the city, ensuring that the surveillance camera system was secure and fully operational.

"This case was of the highest priority due to its impact on the Secret Service’s protective mission and its potential effect on the security plan for the 2017 Presidential Inauguration," the Justice Department said.

"The investigation revealed no evidence that any person’s physical security was threatened or harmed due to the disruption of the MPD surveillance cameras."

The affidavit, dated December 11, mentions that the defendants used two cryptocurrency ransomware variants, Cerber and Dharma. Other evidence also revealed a scheme to distribute ransomware by email to at least 179,000 email addresses.

"According to the complaint, further investigation showed that the two defendants, Isvanca and Cismaru, participated in the ransomware scheme using the compromised MPD surveillance camera computers, among others," the Justice Department said.

"The investigation also identified certain victims who had received the ransomware or whose servers had been accessed during the scheme."

However, it is still unclear whether the arrested pair were solely behind the attack or were part of a more comprehensive cybercriminal network.

While Isvanca remains in custody in Romania, Cismaru is under house arrest pending further legal proceedings, according to the Justice Department.

If extradited and convicted, the Romanian defendants could face a maximum of 20 years in prison.

Romanian police have arrested five individuals suspected of infecting tens of thousands of computers across Europe and the United States in recent years by spreading two infamous ransomware families—Cerber and CTB Locker.

Operation Bakovia, a major global police operation conducted by Europol, the FBI and law enforcement agencies from Romania, the Netherlands, and the UK, saw officers raid six houses in East Romania and make five arrests, Europol said on Wednesday.

One thing to note is that none of the five suspects was arrested for developing or maintaining the infamous ransomware strains; they were arrested for allegedly spreading CTB Locker and Cerber.

Based on CryptoLocker, CTB Locker, aka Critroni, was one of the most widely spread ransomware families in 2016 and was the first ransomware to use the Tor anonymizing network to hide its command and control servers.

Having emerged in March 2016, Cerber ransomware works on a ransomware-as-a-service (RaaS) model that helped it gain widespread distribution, allowing any would-be hacker to spread the malware in exchange for 40% of each ransom amount paid.

While CTB Locker helped criminals make $27 million in ransom, Cerber was ranked by Google as the most criminally profitable ransomware, having helped them earn $6.9 million up to July 2017.

As with most ransomware, CTB Locker and Cerber distributors were using the most common attack vectors, such as phishing emails and exploit kits.

"In early 2017, the Romanian authorities received detailed information from the Dutch High Tech Crime Unit and other authorities that a group of Romanian nationals was involved in sending spam messages," Europol said in its press release.

"The spam messages intended to infect computer systems and encrypt their data with the CTB-Locker ransomware aka Critroni. Each email had an attachment, often in the form of an archived invoice, which contained a malicious file. Once this attachment was opened on a Windows system, the malware encrypted files on the infected device."

Although the authorities have not yet released the actual identities of the arrested individuals, Europol released a dramatic video of the arrests, where you can see how armed officers stormed the suspects' residence.

A Romanian man has been arrested and charged with conspiracy relating to his involvement in a prolific ATM malware campaign.

Emanual Leahu, 30, was arrested in the western city of Bacău, Romania, by the London Regional Fraud Team (LRFT), run by the City of London Police, on Tuesday 20 September and was extradited to the United Kingdom last week.

Leahu is believed to be a member of a European ATM hacking gang that stole more than £1.5 million ($2 million) from cash machines across the UK in 2014, using ATM malware to bypass security controls.

The gang physically broke into ATMs to directly load malware onto the machines, allowing it to withdraw "large amounts of cash." The malware was good enough to erase itself to hide its tracks, making it difficult to identify the culprit.

Three out of Five Gang Members Arrested

Luckily, due to the gang's carelessness, one of its members was recorded by a hidden ATM surveillance camera, which allowed the police to identify and arrest him.

The gang hit 51 ATMs in standalone public places across the UK, including London, Portsmouth, Bognor Regis, Brighton and Liverpool over the 2014 May Bank Holiday weekend.

This is the third arrest in the case after Grigore Paladi and Teofil Bortos, who were arrested and sentenced in 2014 and 2015 to 5 and 7 years in jail for their roles in robbing vulnerable ATMs.

According to the UK authorities, the gang has five members, with the other two suspects still at large in Romania. European arrest warrants have already been issued in their names as well.

Police also assured bank customers that they were not affected by the theft, as the gang's malware only tricked the bank ATMs into releasing cash and did not take it from customers' accounts.

Global Campaigns to Bust ATM fraudsters

UK police have recently stepped up to help international crime-fighting efforts dedicated to anti-fraud work and cracking down on ATM hackers.

"Operating across borders has its challenges, but overseas law enforcement has been extremely co-operative, especially in Romania," LRFT head, detective inspector Matthew Mountford said. "Working together we will continue to ensure that organised criminal gang members have nowhere to hide."

Earlier this year, European police arrested eight members of an international ATM hacking gang who robbed ATMs across Europe and beyond using Tyupkin malware, which made them millions in cash.

ATM fraud has risen in the past few years. Just over a month back, the Central Bank of Thailand (BoT) issued a warning to all commercial banks about security flaws in their ATMs that made hackers over 12.29 million Thai baht (over US$346,000).

A few months ago, ATM fraudsters managed to steal ¥1.4 Billion (approx. US$12.7 Million) from some 1,400 ATMs placed in small convenience stores across Japan.

A Romanian card skimmer arrested for being part of an international cybercrime group that used malware to plunder US$217,000 from ATMs escaped from a Bucharest prison on Sunday morning (6th March).

Renato Marius Tulli, 34, was being held at Police Precinct 19 in Bucharest, the capital of Romania, after being arrested together with 7 other suspects as part of a joint Europol, Eurojust, and DIICOT investigation on January 5, 2016.

Tulli was part of a criminal gang specializing in robbing NCR-based ATMs.

According to the federal authorities, the gang allegedly used a piece of malware, dubbed Tyupkin, to conduct what is known as a jackpotting attack, and made millions by infecting ATMs across Europe and beyond.

Using Tyupkin malware, the criminals were able to empty cash from infected ATMs by issuing commands through the ATM's pin pad.

Authorities announced on Monday that Tulli escaped with Grosy Gostel, 38, a man held for robbery charges, while both of them and other prisoners were out in the precinct's yard taking their daily outdoor break, local media report.

The ATM hacker and robber managed to cut a hole in the police precinct's fence and then jumped an outer fence at the police station without being noticed by the two officers that were keeping watch.

The two police officers who were on duty that day are now being investigated on charges of negligence.

Tulli and his criminal gang raided ATMs between December 2014 and October 2015 in countries including Romania, Hungary, Spain, the Czech Republic, and Russia. Europol estimates the group caused damages to banks of around US$217,000 (€200,000).

The Tyupkin malware the gang used has been upgraded in recent months. The malware is now dubbed GreenDispenser and is being used to target ATMs across Mexico.

"Guccifer", the infamous hacker responsible for breaching the social media and email accounts of numerous high-profile US and Romanian politicians, has been arrested in Romania.

Romanian authorities collaborated with US services to catch him, and officers of the Directorate for Investigating Organized Crime and Terrorism (DIICOT) raided his house last Wednesday.

His well-known leaks included the emails of former Secretary of State Colin Powell, which suggested that he was having an affair, something Powell later denied. He was also responsible for breaking into the Bush family's e-mails. The hacker also infiltrated the email of George Maior, chief of the Romanian Intelligence Service (SRI).

Guccifer is 40-year-old Marcel Lazăr Lehel, a resident of Arad, who was convicted of several other computer crimes in 2012, according to Romanian media reports. But those charges stemmed from Lazăr Lehel's attacks on dozens of Romanian officials between October 2010 and July 2011.

He was the man who leaked paintings by George W. Bush, including two self-portraits, one in the shower and one in the bathtub, and he has targeted a number of high-profile celebrities, including Nicole Kidman, comedian Steve Martin, actress Mariel Hemingway, “Sex and the City” author Candace Bushnell, biographer Kitty Kelley and many more.

Good work may or may not give fruitful results, but bad work comes back to ruin your present as well as your future.

Over 300 security experts, researchers, and enthusiasts from Romania and neighboring countries are expected to take part in the event in Bucharest, at the Crystal Palace Ballroom on November 29-30, 2013.

The Crystal Palace Ballroom is hosting one of the most mesmerizing hacking and information security events in Romania, DefCamp.

In its fourth year, the conference continues to impress its audience with IT knowledge sharing, competitions with varying levels of difficulty, Romanian and foreign speakers, surprises and fun.

"We have awaited the 48 hours of DefCamp 2013 since the closing moment of the last edition. It is hypnotizing to exchange ideas, to compete, to expand your knowledge and to meet people who you know only from the virtual world. DCTF (DefCamp Capture the Flag) - our main competition of the conference, Hack the Machine, App2Own, Spot the Cop, Wall of Sheep are just a few of the activities that will try to captivate your attention at Defcamp 2013. Sometimes I wish I could participate for me to fully enjoy these moments!", said Andrei Avădănei, founder & coordinator of the DefCamp conference.

Everyone can apply to be a speaker at the conference, DefCamp 2013 being the first edition where the team officially launched a Call for Papers procedure.

The DCTF (DefCamp Capture the Flag) will have an online qualifying round followed by a death-defying duel during the event between the teams that enter the finals.

The competition challenges are extremely provocative and varied (exploits, cryptography, programming, steganography, forensics, reverse engineering, etc.), with these subjects being dealt with in 25 problems from the first round.

Similar activities to DCTF, but dedicated directly to the participants of the event, are Hack the Machine and App2Own, where everyone will have at their disposal different services to put their skills to the test and win awards.

In just 3 editions, DefCamp has managed to become the most awaited conference in the entire information security and hacking scene in Romania. It is the perfect time to join and feel the vibes.

For more details you can access the conference website or you can contact us directly at the address contact@defcamp.ro